-
Notifications
You must be signed in to change notification settings - Fork 2
Easy access control and roles for CRUD operations.
License
mrchucho/easy-access
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Easy Access =========== Easy access control and roles for CRUD operations. Easy Access provides a mixin for your User model that adds a simple role-based access control system for the standard CRUD operations. A default access control routine is supplied, but it can be overridden on a model-by-model basis allowing for very fine-grained control. Every CRUD operation has a corresponding User method and model hook. Implement the model hooks(e.g. can_be_viewed_by?, can_be_edited_by?, etc.) and/or the default AccessSystem::has_privilege_for? to customize your specific access controls. Installation ============ ./script/plugin install http://github.com/mrchucho/easy-access.git ./script/generate easy_access Role Example ======= The can_(create|view|update|destroy)? methods can safely be used in any Controller: class RestrictedModelController < ApplicationController def create @model = RestrictedModel.build(params[:model]) raise PermissionDenied unless current_user.can_create?(@model) @model.save! redirect_to restricted_model_path(@model) end def show raise PermissionDenied unless current_user.can_view?(@model) end def update @model = RestrictedModel.find(params[:id]) raise PermissionDenied unless current_user.can_update?(@model) @model.save! redirect_to restricted_model_path(@model) end def destroy @model = RestrictedModel.find(params[:id]) raise PermissionDenied unless current_user.can_destroy?(@model) @model.destroy redirect_to restricted_models_path end By default AccessSystem::has_privilege_for? provides coarse-grained access controls. To implement fine-grained access control for a specific model: class RestrictedModel < ActiveRecord::Base # ... def can_be_viewed_by?(user) user == self.user end def can_be_updated_by?(user) if self.state == :closed false else user == self.user end end def can_be_destroyed_by?(user) user.roles.any?{|r| r.name.eql?("Destroyer")} end class ReadOnlyModel < ActiveRecord::Base def can_be_viewed_by?(user); true; end def can_be_destroyed_by?(user); false; end def can_be_created_by?(user); false; end def can_be_updated_by?(user); false; end Note that you only need to override those hooks for which more specific controls are required. Copyright (c) 2008 Ralph M Churchill, released under the MIT license
About
Easy access control and roles for CRUD operations.
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published